General

  • Target

    6945b1b6375202378fe90f17235f0d00_exe32.exe

  • Size

    1.1MB

  • Sample

    231015-yczjyscb21

  • MD5

    6945b1b6375202378fe90f17235f0d00

  • SHA1

    ac27b9609a00c94dce5129eaa8c65eacb899e984

  • SHA256

    569a977023b8a9fb2fa761343ff88f7091a2ebef77293d0333a91a12e1225448

  • SHA512

    13e5744c37c7dddfcd564b2b83c5c75b47e05f2a530d37b9291f80f8e2a235bcbf0b344a4497c039f5e04db4ffac8007f47d4cb9afedb825b17e176c7bde16d2

  • SSDEEP

    24576:pyaf7VikDptRWix52Fw/gn0u2c2eXOtPbEMbkZy9VuK:caf7V7Rnx52Fw/HcjetPvkZy9

Malware Config

Extracted

Family

redline

Botnet

kukish

C2

77.91.124.55:19071

Targets

    • Target

      6945b1b6375202378fe90f17235f0d00_exe32.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
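The extracted config (family, botnet and C2 host:port above) and the behavioural signatures listed for this target are the two things an analyst actually reuses from a report like this: the first becomes network and file indicators, the second becomes host-side detection logic. The block below is an added example, not code from tria.ge or from the report, that turns both into checks. The hash and C2 values are copied from the report; the event dictionaries are constructed sample data in the shape of a generic process-monitor export, and their field names (pid, op, path, child_pid, target_pid, dst, port) are assumptions for illustration. The "dropped" notion is implemented the way sandboxes usually mean it: a file written by the sample's process tree and later executed or loaded by that tree, and SetThreadContext is only flagged when it targets a thread in another process, which is the process-hollowing pattern; in-process use is normal for debuggers.

```python
"""Reuse the report's indicators as host and network checks.

Added example, not tria.ge's code. Hashes and C2 are from the report;
the event records below are constructed sample data, and their field
names are assumptions for illustration.
"""
import hashlib
import re

# Indicators copied from the report.
IOC_MD5 = "6945b1b6375202378fe90f17235f0d00"
IOC_SHA256 = "569a977023b8a9fb2fa761343ff88f7091a2ebef77293d0333a91a12e1225448"
IOC_C2 = ("77.91.124.55", 19071)

# Matches HKCU/HKLM ...\Software\Microsoft\Windows\CurrentVersion\Run and RunOnce.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\",
    re.IGNORECASE,
)

# Constructed process-monitor style events (assumed field names).
# pid 1001 is the sample; pid 2000 is an unrelated process and must be ignored.
SAMPLE_EVENTS = [
    {"pid": 1001, "op": "WriteFile", "path": r"C:\Users\u\AppData\Local\Temp\svc.exe"},
    {"pid": 1001, "op": "WriteFile", "path": r"C:\Users\u\AppData\Local\Temp\helper.dll"},
    {"pid": 1001, "op": "Process Create", "path": r"C:\Users\u\AppData\Local\Temp\svc.exe", "child_pid": 1002},
    {"pid": 1002, "op": "Load Image", "path": r"C:\Users\u\AppData\Local\Temp\helper.dll"},
    {"pid": 1002, "op": "RegSetValue", "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc"},
    {"pid": 1002, "op": "SetThreadContext", "target_pid": 1003},
    {"pid": 1002, "op": "TCP Connect", "dst": "77.91.124.55", "port": 19071},
    {"pid": 1002, "op": "TCP Connect", "dst": "93.184.216.34", "port": 443},
    {"pid": 2000, "op": "RegSetValue", "path": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
]


def hash_matches(data: bytes) -> dict:
    """Report which of the sample's hashes a file body matches."""
    return {
        "md5": hashlib.md5(data).hexdigest() == IOC_MD5,
        "sha256": hashlib.sha256(data).hexdigest() == IOC_SHA256,
    }


def triage(events, root_pid) -> dict:
    """Map events from the sample's process tree onto the report's signatures.

    Returns {signature name: [event indices]}. Only events from root_pid and
    the processes it (transitively) creates are considered.
    """
    tracked = {root_pid}   # process tree rooted at the sample
    dropped = set()        # files written by that tree, lower-cased path
    hits = {}

    def hit(name, idx):
        hits.setdefault(name, []).append(idx)

    for i, ev in enumerate(events):
        if ev["pid"] not in tracked:
            continue
        op = ev["op"]
        path = ev.get("path", "")
        lpath = path.lower()
        if op == "WriteFile":
            dropped.add(lpath)
        elif op == "Process Create":
            tracked.add(ev["child_pid"])
            if lpath in dropped:
                hit("Executes dropped EXE", i)
        elif op == "Load Image" and lpath in dropped and lpath.endswith(".dll"):
            hit("Loads dropped DLL", i)
        elif op == "RegSetValue" and RUN_KEY_RE.search(path):
            hit("Adds Run key to start application", i)
        elif op == "SetThreadContext" and ev.get("target_pid") != ev["pid"]:
            # Cross-process thread context rewrite: the hollowing indicator.
            hit("Suspicious use of SetThreadContext", i)
        elif op == "TCP Connect" and (ev.get("dst"), ev.get("port")) == IOC_C2:
            hit("Contacts RedLine C2 (botnet kukish)", i)
    return hits


if __name__ == "__main__":
    for name, idxs in triage(SAMPLE_EVENTS, 1001).items():
        print(f"{name}: events {idxs}")
```

The ordering of the elif chain matters: a Process Create both extends the tracked set and is tested against the dropped set, so a child spawned from a dropped binary is attributed to the sample even if the parent has already exited. A connection to the C2 from a process outside the tree is deliberately not reported here, since the host check is about this sample; a network-level block on 77.91.124.55:19071 is the place to catch everything else.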
